Hi,
Thanks for your response. I'm sorry my question wasn't clearly defined
(it was will this file work correctly? If so, why?), but you seem to
have answered nonetheless, thank you.
As a followup question, is there a way to include these certs in the way
originally intended by the Mozilla
with -CAfile. If -CAfile isn't specified, then
the default platform CA file is used (by default, /usr/lib/ssl/cert.pem).
This is true for verify, ocsp, smime, and cms.
Oh, right. New diff attached.
--
Ralph Holz
Network Architectures and Services
Technische Universität München
Phone +49 89 28918043
Good day,
I was using openssl verify as described in the Pastebin link to validate
a cert, using a custom root store indicated with the -CAfile option. The
custom root store contains a Comodo root, the cert to be validated is
signed by Equifax. The expected result would be for that check to fail.
Hi,
See apps/apps.c, function setup_verify. It receives 2 arguments CAfile
and CApath.
Each one is processed independently, and if either one is NULL, its
corresponding default is used.
Thanks for the quick reply. The openssl docs at
http://www.openssl.org/docs/apps/verify.html
say:
Hi,
Can someone please point me to the meaning of error code 34, as returned
by verify? I think the openssl version throwing it was 0.9.8.x, but
cannot be entirely sure as I have only the result codes to work with and
no further info.
I checked the source, 34 seems not mentioned in
Hi,
On 08/25/2011 11:15 PM, t...@terralogic.net wrote:
I know the theory. I'm also a programmer. I just never bothered to
install a root cert before. But I do know how to make them.
I'll dig around in Firefox and see where it is and how it's done.
As for the bank. We build it and they
Good day,
The following is a question re: openssl verify.
In the openssl docs, I have found that no chain verification is done if the
option -purpose is not set. I just checked with a few test cases (certs
from HTTPs server, chain length at least 3) and found that the output of
verify seems to
Hi Steve,
On 9 March 2011 13:03, Dr. Stephen Henson st...@openssl.org wrote:
Am I correct in surveying that openssl verify uses a default of
sslserver
for -purpose?
No it just means that most certificates could (in theory) be used as SSL
server
certificates. If you had appropriate
Hi,
No it just means that most certificates could (in theory) be used as SSL
server
certificates. If you had appropriate extensions restrictions (e.g.
extended
key usage or the deprecated netscape certificate type) you'd notice the
difference.
Thanks for the quick answer.
Dear all,
I would like to find all errors in a given certification chain. Can someone
help me out with these questions, please?
* Which verification steps are made in server cert verification when I use
s_client with the option --showcerts, directly connecting to a server?
* Which are made when
Dear all,
I am a bit confused after reading the man pages for -showcerts and -verify.
The latter makes it sound as if it is the only way to do full verification
of a cert chain if I want to see all errors, as -showcerts would stop on the
first error. However, I've fiddled around a bit and tested